New Excel 0-day being exploited

Symantec is reporting that there is an exploit in the wild for an Excel 2007 and Excel 2007 SP1 zero-day remote code execution vulnerability (other versions may be affected as well).  There's not a lot of publicly available information about the trojan or the vulnerability.  Symantec is saying that the vulnerability is being exploited by a variant of the Mdropper trojan, which they are calling Trojan.Mdropper.AC.  There are no patches for this yet (which is part of the definition for 0-day, so duh).

SecurityFocus says the following about how you can be affected:

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

Basically this means just to be careful about Excel files you open.  If you don't trust the source, don't open it.

Copyright © 2009 IDG Communications, Inc.

Shop Tech Products at Amazon